Fiserv Prologue through 2020-12-16 does not properly...
Moderate severity
Unreviewed
Published
Aug 24, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Aug 23, 2022
Published to the GitHub Advisory Database
Aug 24, 2022
Last updated
Jan 30, 2023
Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database.
References